forked from extern/shorewall_code
Issue a clearer diagnostic when ip6tables is missing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1183 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
a469d0d317
commit
b79ad25c7e
@ -58,3 +58,7 @@ Changes since 1.4.10
|
||||
28) Fix the help file.
|
||||
|
||||
29) Correct handling of !z1,z2,... in a DNAT/REDIRECT rule.
|
||||
|
||||
30) Remove fw->fw policy.
|
||||
|
||||
31) Issue clearer message if ip6tables not installed.
|
||||
|
||||
@ -975,6 +975,19 @@ setup_forwarding() {
|
||||
esac
|
||||
}
|
||||
|
||||
#
|
||||
# Disable IPV6
|
||||
#
|
||||
disable_ipv6() {
|
||||
if qt which ip6tables; then
|
||||
ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP
|
||||
else
|
||||
error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system has no ip6tables"
|
||||
fi
|
||||
}
|
||||
|
||||
#
|
||||
# Stop the Firewall
|
||||
#
|
||||
@ -1010,11 +1023,7 @@ stop_firewall() {
|
||||
delete_proxy_arp
|
||||
[ -n "$CLEAR_TC" ] && delete_tc
|
||||
|
||||
if [ -n "$DISABLE_IPV6" ]; then
|
||||
ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP
|
||||
fi
|
||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6
|
||||
|
||||
if [ -z "$ADMINISABSENTMINDED" ]; then
|
||||
for chain in INPUT OUTPUT FORWARD; do
|
||||
@ -4274,11 +4283,7 @@ initialize_netfilter () {
|
||||
setcontinue INPUT
|
||||
setcontinue OUTPUT
|
||||
|
||||
if [ -n "$DISABLE_IPV6" ]; then
|
||||
ip6tables -P FORWARD DROP
|
||||
ip6tables -P INPUT DROP
|
||||
ip6tables -P OUTPUT DROP
|
||||
fi
|
||||
[ -n "$DISABLE_IPV6" ] && disable_ipv6
|
||||
|
||||
#
|
||||
# Enable the Loopback interface for now
|
||||
|
||||
@ -76,12 +76,6 @@
|
||||
###############################################################################
|
||||
#SOURCE DEST POLICY LOG LIMIT:BURST
|
||||
# LEVEL
|
||||
#
|
||||
# Unless you *really* know what you are doing, DO NOT TOUCH THIS
|
||||
# POLICY!
|
||||
#
|
||||
fw fw ACCEPT
|
||||
#
|
||||
loc net ACCEPT
|
||||
net all DROP info
|
||||
#
|
||||
|
||||
@ -26,6 +26,11 @@ Problems Corrected since RC1
|
||||
to allow traffic through a bridge while shorewall is stopped.
|
||||
|
||||
2) The /usr/share/shorewall/help file has been corrected.
|
||||
|
||||
3) fw->fw policy removed from /etc/shorewall/policy.
|
||||
|
||||
4) If IPV6_DISABLE=Yes, a clearer diagnostic message is issued if
|
||||
ip6tables is not installed.
|
||||
-----------------------------------------------------------------------
|
||||
Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0:
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user